GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-27 10:12:38
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT Vax347b.sys ZwClose
SSDT \??\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT Vax347b.sys ZwCreateKey
SSDT Vax347b.sys ZwCreatePagingFile
SSDT \??\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT Vax347b.sys ZwOpenKey
SSDT \??\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation
SSDT Vax347b.sys ZwQueryValueKey
SSDT Vax347b.sys ZwSetSystemPowerState
---- Kernel code sections - GMER 1.0.12 ----
? csglyfex.sys Impossibile trovare il file specificato.
? C:\WINDOWS\system32\DRIVERS\update.sys
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86705268
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 86222590
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86222590
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 862F9200
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_NAMED_PIPE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_READ 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_WRITE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FLUSH_BUFFERS 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DIRECTORY_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SHUTDOWN 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_LOCK_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLEANUP 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_MAILSLOT 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CHANGE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_NAMED_PIPE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_READ 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_WRITE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_EA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FLUSH_BUFFERS 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_VOLUME_INFORMATION 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DIRECTORY_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_FILE_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SHUTDOWN 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_LOCK_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLEANUP 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE_MAILSLOT 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_SECURITY 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CHANGE 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_QUERY_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SET_QUOTA 861B65B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 861B65B0
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 86250BC0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86255738
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86255738
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 8634A0D8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 8627C758
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 863030D8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 863030D8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 863030D8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 863030D8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 863030D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 86263818
---- Modules - GMER 1.0.12 ----
Module _________ F774B000-F7763000 (98304 bytes)
---- Processes - GMER 1.0.12 ----
Process C:\WINDOWS\system32\hldrrr.exe (*** hidden *** ) 220
Process C:\Documents and Settings\stefano\Dati applicazioni\hidires\hidr.exe (*** hidden *** ) 1880
Questo è il secondo file in rosso: